On Tuesday, Senator Patrick Leahy introduced the revised USA Freedom Act, a bipartisan bill to rein in the National Security Agency’s collection of telephone and Internet records. If Congress enacts Senator Leahy’s bill in its current form, it will mark the most significant reform of US intelligence gathering since the Foreign Intelligence Surveillance Act, enacted in the 1970s in response to the Church Committee’s revelations of abusive spying practices on political dissidents and activists.
This time, of course, the calls for reform were sparked not by a congressional inquiry, but by information leaked by Edward Snowden, the former NSA contractor who risked criminal prosecution and de facto banishment to let Americans know what its most expansive spy agency was doing to their rights in the name of their security. In December 2013, six months after Snowden’s first revelations, the president’s own expert panel recommended changes to the NSA program. In May, the House passed an earlier version of the USA Freedom Act, which unfortunately had been watered down at the behest of Obama administration officials in secret last-minute negotiations. Senator Leahy’s bill would significantly strengthen the House bill.
Leahy’s bill comes not a moment too soon. Two reports issued on Monday bring into full view the costs of a system that allows its government to conduct dragnet surveillance without specific suspicions of wrongdoing. In With Liberty to Monitor All, Human Rights Watch and the ACLU make a powerful case that mass surveillance has already had a devastating effect on journalists’ ability to monitor and report on national security measures, and on lawyers’ ability to represent victims of government overreaching. And the same day, the New America Foundation issued Surveillance Costs, a report noting the widespread economic harm to US tech companies that NSA surveillance has inflicted, as potential customers around the world take their business elsewhere.
Together, these reports make concrete the damaging effects of out-of-control surveillance, even to those with “nothing to hide.” Our democracy has long rested on a vibrant and vigorous press and open legal system. On matters of national security, journalists probably serve as a more important check on the executive than even the courts or Congress. Without disclosures by media, we would not know about the CIA’s torture, rendition, and secret prison programs, President George W. Bush’s warrantless wiretapping orders, and much of the abuse at Abu Ghraib. In turn, attorneys play an essential part in revealing and challenging government abuse. It wasn’t until lawyers gained access to Guantanamo, by winning the right to pursue habeas corpus lawsuits on behalf of the detainees, that we began to learn in detail about the abusive practices conducted there. Freedom of Information Act lawsuits brought by the ACLU have forced the government to disclose hundreds of secret documents in connection with the CIA’s interrogation program and targeted killing by drones.
But as the HRW report illustrates, a system of mass surveillance directly undermines the checking function that both journalists and lawyers serve. National security reporting relies on access to sources, and sources generally require confidentiality. Lawyers have the same need for confidentiality—recognized in the longstanding common law concept of attorney-client privilege. In the age of mass surveillance, HRW found, lawyers and journalists cannot be sure that their communications will in fact be confidential; any electronic communication, even merely to pick a meeting time and place, leaves a digital trail that can be—and increasingly is—collected by the government.
The effects have already been far reaching. The HRW report includes accounts by reporters from The New York Times, The Washington Post, The Wall Street Journal, McClatchy News, and many other news organizations on the obstacles they now face doing work that much of the country relies on for information about what our government is doing behind closed doors. As Steve Coll, staff writer for The New Yorker and Dean of the Columbia School of Journalism, says: “Every national security reporter I know would say that the atmosphere in which professional reporters seek insight into policy failures [and] bad military decisions is just much tougher and much chillier.” In the post-Snowden world, it seems, the only way to guarantee confidentiality is through clandestine person-to-person meetings.
And, it turns out, tech companies also need to be able to promise confidentiality. Customers of Internet services or cloud computing storage programs, for example, expect and need to be certain that their messages and stored data will be private. Snowden’s revelations that the NSA has been collecting vast amounts of computer data, and has exploited vulnerabilities in corporate encryption programs, have caused many to lose confidence in the security of American tech companies in particular. According to Silicon Valley executives interviewed by the New America Foundation, this is already cutting into their business in extremely costly ways. Unless trust in the confidentiality of American services can be restored, a major sector of our economy will be hard-hit.
That’s why, shortly after the House passed its seriously compromised version of the USA Freedom Act in May, the CEOs of leading tech companies, including Google, Apple, Facebook, Yahoo, Twitter, Microsoft, and Dropbox, published an open letter to the Senate in The New York Times and elsewhere calling on the Senate to strengthen the bill that passed the House. In their view, the House version imposed insufficient limits on the government’s ability to engage in bulk collection of phone data, and placed unacceptable constraints on providers’ ability to report on the fact that they had been compelled to provide information to the NSA.
Senator Leahy’s bill responds to these concerns, and then some. The House version would have permitted “bulk collection” of calling records to continue, by allowing the government, for example, to demand all phone records related to a particular city or zip code. Senator Leahy’s bill, by contrast, requires the government to specify a “person, account, address, or personal device” that “narrowly limit[s] the scope of the tangible things sought to the greatest extent reasonably practicable.” And it expressly bars the government from requesting information related to a “broad geographic region” or “an electronic communication service provider,” which could sweep up thousands of innocent persons’ information,unless the provider itself is the target of an investigation. And it authorizes requests for call records only for investigations of terrorism, not for general inquiries into foreign affairs.
Senator Leahy’s bill also promotes transparency about government demands for phone calling records and other business records, by (1) authorizing the recipients of orders to turn over records to provide more information to the public about those orders, (2) requiring the government to make a specific showing of need to prohibit the disclosure of such orders; (3) requiring the Foreign Intelligence Surveillance Court to make more extensive declassification and public summaries of its decisions; and (4) expanding the information that the government must report to Congress and the public on an annual basis about the frequency, scope, and results of its use of these powers. In particular, the Leahy bill requires the government to report the number of individuals whose records it has collected each year. Had we been told that the NSA was collecting records on hundreds of millions of Americans through such reporting requirements, Edward Snowden might not have felt compelled to leak the information, and the NSA program would likely have been reformed long before now.
Senator Leahy’s bill is not a cure-all. It is primarily addressed to the collection of data within the United States, and does little to reform Section 702, the statute that authorizes the PRISM program and allows the government to collect the content of electronic communications of noncitizens abroad, even if they are communicating with US citizens here. And it says nothing about the NSA’s deeply troubling practice of inserting vulnerabilities into encryption programs that can be exploited by any hacker. It won’t, therefore, solve all the problems that the HRW and New American Foundation reports identify. But it would mark an important and consequential first step. Now the only question is whether Congress can stick to this strengthened version, or whether the Obama administration’s intelligence hawks will, as they did on the House side, sabotage the reform at the last minute.